CVE-2019-15582

2020-01-2802:36:05

CWE-639

hackerone

www.cve.org

EPSS

0.001

Percentile

38.7%

JSON

An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.

CNA Affected

[
  {
    "product": "GitLab EE",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": "before 12.3.2"
      },
      {
        "status": "affected",
        "version": "before 12.2.6"
      },
      {
        "status": "affected",
        "version": "before 12.1.12"
      }
    ]
  }
]